

I had set this up once before on a previous Antergos install and had problems until I figured out I was missing dnsmasq. After installing it my config worked. So I installed on Reborn and I am still getting an error on the last step. I actually imported my config files three times trying to figure out what I had done wrong. Here is what I put into terminal for the last step minus my token and what came out:

I am not sure what the deal is. I have dnsmasq and OpenVPN. Are there any other dependencies, or am I missing something else? I followed the Ubuntu guide, minus the step to append the three lines to the config files, as Arch doesn't have the same script Ubuntu does. I have all the servers on my panel, probably times three, but they require the token.

Nevermind, I connected via terminal since that is better. I do have one problem though. This part didn't work.

So you don't have to enter your token every time you connect, store your token in a random file.
(Replace CsTok-enGvX-F4b4a-j7CED with your token or your token's hash using the token hasher at https://cryptostorm.is/#section6, under the teddy bear
And replace /home/test/cstoken with the location you want to save the token to. My username is "test", so I'm storing the file in /home/test/cstoken)
`echo CsTok-enGvX-F4b4a-j7CED > /home/test/cstoken; echo anythingcangohere >> /home/test/cstoken; chmod 600 /home/test/cstoken`
Then edit all the configs to use /home/test/cstoken:
`sed -e's_^auth-user-pass_auth-user-pass /home/test/cstoken_' -i *.ovpn`

This part, replacing test with my username, did not work for me. It made a file but it still asks me for a password when I connect. The file is in my home folder with nothing on it but my token.
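An added example (not from the original post or cryptostorm's guide): a shell check for the token file and the edited configs described above. OpenVPN reads the username from line 1 and the password from line 2 of an auth-user-pass file and prompts for the password when the second line is missing; the function names, status strings and sample files here are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate an OpenVPN auth-user-pass file and a config that uses it.

check_token_file() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }
    lines=$(grep -c . "$f" || true)          # number of non-empty lines
    # Line 1 = username (the token), line 2 = password (any text).
    [ "$lines" -ge 2 ] || { echo "no-password-line"; return 1; }
    perms=$(ls -l "$f" | cut -c5-10)         # group + other permission bits
    [ "$perms" = "------" ] || { echo "too-permissive"; return 1; }
    echo "ok"
}

check_config() {
    cfg=$1; tok=$2
    # The exact line the guide's sed command is meant to produce.
    if grep -Fxq "auth-user-pass $tok" "$cfg"; then
        echo "uses-file"
    elif grep -q '^auth-user-pass[[:space:]]*$' "$cfg"; then
        echo "will-prompt"; return 1         # bare directive: OpenVPN asks interactively
    else
        echo "no-auth-line"; return 1
    fi
}

# Constructed sample files (placeholder token, not a real one).
demo=$(mktemp -d)
printf 'CsTok-PLACE-HOLDE-R0000\n' > "$demo/one_line"
printf 'CsTok-PLACE-HOLDE-R0000\nanythingcangohere\n' > "$demo/two_lines"
chmod 600 "$demo/one_line" "$demo/two_lines"
printf 'client\nauth-user-pass\n' > "$demo/plain.ovpn"
printf 'client\nauth-user-pass %s\n' "$demo/two_lines" > "$demo/edited.ovpn"

for f in one_line two_lines; do
    echo "$f: $(check_token_file "$demo/$f")"
done
for c in plain edited; do
    echo "$c.ovpn: $(check_config "$demo/$c.ovpn" "$demo/two_lines")"
done
rm -rf "$demo"
```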

See the updated commands @ https://cryptostorm.is/nix
Turns out on some non-Ubuntu distros NM adds the file extension '.nmconnection' for the configs in /etc/NetworkManager/system-connections/
So the commands have been updated to check for that.

Sounds like your DNS is misconfigured, or maybe you've got a killswitch that's interfering?
sweden.cryptostorm.ch resolves to 27 IPs for me, and I tested against several different public DNS servers.

Check your /etc/resolv.conf and see what IP your DNS is pointed at before connecting.
On some Linux distros a local dnsmasq server is used, so it might say something like 127.0.1.1
but in those cases if dnsmasq isn't running, DNS would fail.

Try running the command: `host google.com`
or if you don't have the `host` command: `nslookup google.com`
If that also fails, then it's definitely your DNS settings.

The host check worked fine. I had 75.75.75.75. I changed it to Cloudflare's 1.1.1.1 because that is what I thought I was using before. As far as the kill switch goes, I did install ipredator's netsplice to try out, but never got a trial, so I uninstalled it.

Both the `host` command and OpenVPN use the DNS settings that are in /etc/resolv.conf
Can't think of any reason why `host` would work but openvpn wouldn't...
But check that file anyways to see what's in it. If it's got 'nameserver 127.0.1.1' then you're probably using a local dnsmasq server, which is the default for Ubuntu and some other Debian based distros.
If dnsmasq isn't running, or something else is being used that's changing the DNS settings, then it could cause these issues.

Another thing is that Comcast's 75.75.75.75 and 75.75.76.76 DNS servers aren't actually public DNS servers, they only work if you're coming from a Comcast IP. So if you're using something that might be changing the IP that's connecting to those DNS servers, which would be the case if you're using DNSCrypt, then that could also cause those failures.
I'm not sure how you set your DNS to 1.1.1.1 before, but I'd recommend doing that via /etc/resolv.conf with the command:
`echo 'nameserver 1.1.1.1' > /etc/resolv.conf`
then trying openvpn again

Even with the above command, something could still overwrite /etc/resolv.conf with something else. So after running the above command you could make the file immutable (it's like read-only) with `chattr +i /etc/resolv.conf`
But it would be better to figure out what's changing resolv.conf and tell it not to, or work within that program's configuration.

Another useful command in all this is: `host whoami.cryptostorm.is`
The custom DNS server at whoami.cryptostorm.is is designed to respond to all queries with an A record that contains the IP that made the final request.
I.e.,

Okay, I edited the resolv.conf file like you said and made it read only. Here is the output trying to connect to Paris. Basically the same as before, I think anyway. Because it won't read the cstoken text file like in the tutorial, I am just putting whatever as a name and my token as a password.

I just tested with a clean Reborn OS install, it resolves it fine. Are you sure when you uninstalled that killswitch it really was uninstalled?
Could be some iptables rules leftover blocking the DNS, or maybe something else you did changed the cryptostorm OpenVPN config?

I uninstalled in the package manager. I never configured it though. I opened the program once to see how an install worked and it threw an error which I figured was because I didn't have that VPN. Their website doesn't give how to's for that program even as it is in beta I believe. The only reason I wanted to try it is because they have it for Arch. I'm not really sure what it did or changed if anything. And yes I get 27 IPs.

"I uninstalled in the package manager", but did you install using that "VPN Manager" shortcut that runs /usr/bin/vpn-manager.sh? That thing was buggy as hell, I run it just ffs and selected PIA, it got stuck in a loop.

Anyways, how are you running OpenVPN? Just a plain `openvpn --config Balancer_UDP.ovpn` (or whatever)?

If you're doing that, one way to really debug exactly what DNS is being used is with:
`strace -fF -esendmmsg,recvfrom -s65536 openvpn --config Balancer_UDP.ovpn`

The first sendmmsg() and recvfrom() calls are generally to/from your DNS server.

But an easier way is to check /etc/resolv.conf and see what's in there, and if whatever it's pointing to is changing things
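An added example, not part of the original posts: one way to do the resolv.conf check suggested above, reporting whether the file is a symlink or carries a "generated by" header (a hint at what rewrites it) and what each nameserver entry implies. Function names and sample files are constructed; the 75.75.x.x note reflects the Comcast resolvers mentioned in the thread.

```shell
#!/bin/sh
# Added example: who manages a resolv.conf-style file, and what its nameservers imply.

resolv_owner() {
    f=$1
    if [ -L "$f" ]; then
        echo "symlink:$(readlink "$f")"     # another service owns the real file
        return 0
    fi
    # Tools that rewrite the file often leave a "# Generated by <tool>" header.
    gen=$(sed -n 's/^#.*[Gg]enerated by \(.*\)$/\1/p' "$f" | head -n 1)
    if [ -n "$gen" ]; then echo "generated:$gen"; else echo "static"; fi
}

nameserver_notes() {
    awk '
    $1 == "nameserver" && NF >= 2 {
        note = "remote"
        if ($2 ~ /^127\./ || $2 == "::1")
            note = "local-stub"             # fails if dnsmasq or similar is not running
        else if ($2 == "75.75.75.75" || $2 == "75.75.76.76")
            note = "isp-only"               # Comcast resolvers named in the thread
        print $2, note
        n++
    }
    END { if (!n) print "none" }' "$1"
}

# Constructed sample files; pass a real path such as /etc/resolv.conf instead.
d=$(mktemp -d)
printf '# Generated by NetworkManager\nnameserver 127.0.1.1\n' > "$d/local"
printf 'nameserver 75.75.75.75\nnameserver 75.75.76.76\n' > "$d/isp"
printf 'nameserver 1.1.1.1\n' > "$d/static"
ln -s "$d/static" "$d/link"
for f in local isp static link; do
    echo "$f: $(resolv_owner "$d/$f"); $(nameserver_notes "$d/$f" | tr '\n' ' ')"
done
rm -rf "$d"
```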

All that is on my resolv.conf after your suggested change is nameserver 1.1.1.1. This is what I installed: https://ipredator.se/netsplice#client_general The Arch link. Then I uninstalled using pamac, Reborn's GUI package manager.

So with 1.1.1.1 the only thing in your resolv.conf, you get cannot resolve errors with OpenVPN?
heh, I've got an idea. Change the remote lines in the OpenVPN config so that you're connecting to the hostname whoami.cryptostorm.is
it'll fail, but it'll tell you what DNS is actually being used at the time of connecting to OpenVPN.

I just tried with 1.1.1.1 in my /etc/resolv.conf and no iptables rules, in my openvpn output I see:
Thu Nov 29 19:21:14 2018 us=570793 UDP link remote: [AF_INET]172.69.66.180:443
which is a cloudflare IP behind their 1.1.1.1

If you get anything that isn't a cloudflare IP, then something else is changing your DNS, perhaps with iptables rules.

EDIT:
just got your iptables log post while posting this... nothing in the nat table.
the default iptables rules do have a lot of ufw stuff in them, but i'm not seeing anything that would conflict with DNS.
even so, you could try flushing out all those rules with `iptables -F` then trying to connect again
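An added example, not from the original post: automating the whoami.cryptostorm.is check by pulling the "link remote" address out of OpenVPN output and testing it against a few of Cloudflare's published IPv4 ranges (an assumed, partial list; the full one is at https://www.cloudflare.com/ips/). The first sample line is the one quoted above, the second is constructed, and all function names are illustrative.

```shell
#!/bin/sh
# Added example. CF_RANGES is a partial, assumed list of Cloudflare IPv4 ranges.
CF_RANGES="172.64.0.0/13 162.158.0.0/15 108.162.192.0/18 141.101.64.0/18 104.16.0.0/13"

ip2int() {      # dotted quad -> 32-bit integer
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {     # in_cidr IP NET/BITS -> exit 0 if IP is inside the range
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

remote_ip() {   # stdin: OpenVPN output; stdout: address from the first "link remote" line
    sed -n 's/.*link remote: \[AF_INET\]\([0-9.]*\):[0-9]*.*/\1/p' | head -n 1
}

resolver_seen() {
    ip=$(remote_ip)
    [ -n "$ip" ] || { echo "no-remote-line"; return 1; }
    for net in $CF_RANGES; do
        if in_cidr "$ip" "$net"; then echo "$ip cloudflare"; return 0; fi
    done
    echo "$ip other"    # not the resolver expected for nameserver 1.1.1.1
}

# Line 1 is quoted in the post above; line 2 is constructed
# (192.0.2.0/24 is a documentation range).
for l in \
  'Thu Nov 29 19:21:14 2018 us=570793 UDP link remote: [AF_INET]172.69.66.180:443' \
  'Thu Nov 29 19:25:02 2018 us=101010 UDP link remote: [AF_INET]192.0.2.53:443'
do
    printf '%s\n' "$l" | resolver_seen
done
```

An "other" result with 1.1.1.1 configured means the query left through a different resolver than the one in /etc/resolv.conf.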